I don't know if this has an impact on the demo applets and so on but I remember there has been some discussions on these forums about applet signing. If I read the link correctly the default security in JDK will exclude self signed certificates.
* Code signatures from a trusted authority. All code for Applets and Web Start applications must be signed.
* Permissions – Introduced in 7u25, and required as of 7u51. Indicates if the RIA should run within the sandbox or require full-permissions.
* Codebase – Introduced in 7u25 and optional/encouraged as of 7u51. Points to the known location of the hosted code (e.g. intranet.example.com).
It's already there. It's no longer possible to run my game that uses a self-signed certificate. The sandbox is quite useless now as even a sandboxed application must be signed with a "trusted" certificate. Moreover, time stamping JARs is now recommended (otherwise you get a warning). Oracle Java is becoming very difficult to use in production, there have been so many changes the last 6 months, they affect LiveConnect too, it's a nightmare.